Business Continuity Management or Risk Management? Aligning Expectations for Business Strategies by Dr Goh Moh Heng

Published in: Business, Technology
  • BCM Institute: Leading global Business Continuity (BC) & Disaster Recovery (DR) Institute. Established in 2005. Offers a wide range of quality BC and DR courses. Certified over 1,250 professionals from 36 countries.
  • This table is a guide on the severity of the impact caused by the threat that occurred.

    1. Welcome
    2. Navigating Through Uncertainties of Risk
       Dr Goh Moh Heng
       PhD BCCE DRCE BCCLA
       President
    3. BCM Institute
       Started in January 2005.
       Provide competency based BC-DR training to all levels.
       Certify BC-DR professionals globally.
       Started Certification programme in April 2007.
       More than 1500 professionals from 850 organizations and 40 countries.
    4. Professional Certification
       Business Continuity
       IT Disaster Recovery
       BCM Audit
       Membership
    5. Business Continuity Management or Risk Management? Aligning Expectations for Business Strategies
       Dr. Goh Moh Heng PhD BCCE DRCE BCCLA
       President, BCM Institute and Managing Director, GMH Continuity Architects
    6. Agenda
       BC Planning Methodology
       Risk Analysis and Review
       Risk Assessment Process
       Step-by-step Achieving Certification
    7. BCM Planning Methodology
       Source: Goh, Moh Heng (2008): Analyzing and Review the Risk for Business Continuity Planning ISBN: 978-981-05-9215-8
    8. Risk Analysis & Review
    9. Identify Assets & Threats
       Identify Organisational Assets
       Identify Threats
    10. Identify Organisational Assets
        Assets essential to carry out mission
        Examples:
          Facilities
          People
          Data
          Software
          Applications
          Equipment
    11. Identify Threats
        Man-Made
          Toxic and radioactive contamination
          Sabotage (both external and internal)
          Riot, civil disorder and coup
          Fraud and embezzlement
          Accidental explosion (on and offsite)
          Water leak and plumbing failure
          Workplace violence
          Terrorism
          Aircraft crash
          Vandalism
          Arson
          Physical asset theft
          Misuse of resources
          Building and physical security weakness
          Fire
        Natural
          Tornado (wind storm)
          Thunderstorm and hail storm
          Lightning and electrical storm
          Snow and winter ice storm
          Typhoon and hurricane
          Flood and other water-based incident
          Earthquake
          Mudslide
          Volcanic eruption and ash fallout
          Tsunami
          Large natural fire
          Epidemic and pandemic
    12. Identify Threats
        Business
          Power outage
          Labor dispute
          Employee turnover and single point of failure
          Unavailability of key personnel
          Human error
          Gas outage
          Water outage
          Loss of transportation
          Single source suppliers
        Information Technology
          Voice and data telecommunication failure
          IT equipment failure
          Human error from programmers and users
          Security vulnerability
          Data and software sabotage
          In-house developed application failure
          HVAC failure
          Defective software
    13. Analyse Risks
        Estimate the risk likelihood of occurrence
        Identify risk impact of the threat materializing
        Determine risk (rating) level
    14. Descriptor: Risk Likelihood of Event
    15. Descriptor: Risk Impact of Event
    16. Risk Analysis Process
        Controls
        What is the cost for the Controls to be implemented?
        What Controls are in place?
        Risk Rating
        What are the potential loss exposures to business?
        How does the threat affect business operations?
        What is the likelihood that the threat will adversely affect business operations?
        Threats
        Risk Likelihood
        What are the effects on people, infrastructure, facilities, and systems?
        Risk Impact
        What are the adverse events that can occur?
    17. Risk Evaluation
        Assess Risk Rating and prioritize for further treatment
    18. Risk Rating and Level Matrix
    19. Risk Evaluation: Risk Rating
    20. Evaluation Criteria
        Criteria Examples:
          People
          Processes
          Infrastructure
        Weighting for different criteria
    21. Risk Treatment
        Explore Risk Treatment Strategies for risks deemed unacceptable
        Document reasons for selection of strategy for each risk treatment
    22. Risk Analysis Process
        Controls
        What is the cost for the Controls to be implemented?
        What Controls are in place? What risk treatment?
        Risk Rating
        What are the potential loss exposures to business?
        How does the threat affect business operations?
        What is the likelihood that the threat will adversely affect business operations?
        Threats
        Risk Likelihood
        What are the effects on people, infrastructure, facilities, and systems?
        Risk Impact
        What are the adverse events that can occur?
    23. Risk Treatment Strategies
        Risk Acceptance
        Risk Avoidance
        Risk Transfer
        Risk Reduction
    24. Risk Treatment Strategies
        Transfer
        Avoid
        Reduce / Active Control
        Reduce (if Cost Justifiable)
        Accept
    25. Risk Reduction
        Fire
        Pandemic
        Business Continuity Plan (BCP)
    26. Risk Analysis and Business Continuity Planning
        Process
        Risk Treatment Strategies
        Treatment for risks that could potentially interrupt business operations
    27. Risk Treatment
    28. Implement & Monitor
        Present Recommendations to management for approval
        Implement recommendations
        Monitor results
        Adjust as necessary
    29. Risk Analysis Process
    30.
    31. THANK YOU
        Dr Goh Moh Heng
        President
        Mobile: +65 96711022
        Tel: +65 63231500
        Fax: +65 63230933
        Email: moh_heng@bcm-institute.org
